Thursday, October 17, 2013

Protecting Your Network: Intrusion Deception

The Internet is made up of websites. We use these websites to shop, bank, research, work and relax. These websites contain information on people, places, and things. This means information on me and you. That information is valuable to someone and it’s important for that information to remain secure. In previous “Protecting Your Network” blogs, we’ve talked about the ways we secure that information using firewalls, IPS, application inspection, policies and good old-fashioned common sense. Today, we’re going to talk about a new tool in the fight against those who want access to our data and information: Intrusion Deception.

What is “Intrusion Deception”? Simply put, Intrusion Deception is counter-warfare on a technical level. We’re feeding false information to attackers to make them think they’ve hit a goldmine, all the while gathering information on them, fingerprinting their devices and recording their methods in an effort to quickly identify them. This means that when they try to attack again, we can quickly apply countermeasures to stop them in their tracks.

In the past, ambitious security engineers would stand up an unpatched web server on the Internet disconnected from anything else and allow it to be compromised. They would then take it offline and perform a forensic analysis on the machine to see what had been done, from where, how, and what could be implemented from a security standpoint to prevent it from happening again - rinse and repeat. This method was time-consuming, expensive and completely reactive. The attackers were always multiple steps ahead in the battle.

Enter Junos WebApp Secure (formerly Mykonos), the first-of-its-kind Web Intrusion Deception System that detects, tracks, profiles and prevents attacks in real time. Coupled with Junos Spotlight Secure, a cloud-based hacker device intelligence service, we now have a method of identifying and tracking attacks and proactively preventing them. Rather than relying on the reactive methods of signature-based IPS/IDS or anti-virus/malware detection points, WebApp Secure relies completely on the malicious actions of the attacker acting on fictitious code embedded in a given website: code a normal user will not see, but that an attacker will see and view as an easy entry point for gaining valuable information.
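The idea of detecting on decoy code rather than signatures can be sketched generically. The following is an added illustration, not code from this post or from Junos WebApp Secure; the field name, path, secret and sample requests are all hypothetical and constructed for the example.

```python
import hashlib
import hmac
import re

SECRET = b"constructed-demo-key"   # assumption: a per-deployment secret
DECOY_FIELD = "debug_token"        # hypothetical hidden form field
DECOY_PATHS = {"/admin_backup/"}   # hypothetical path that no real page links to

def decoy_value(session_id):
    """Value planted in the hidden field, bound to the session."""
    return hmac.new(SECRET, session_id.encode(), hashlib.sha256).hexdigest()[:16]

def inject_decoy(html, session_id):
    """Add a hidden input to every form; a browser submits it back unchanged."""
    tag = f'<input type="hidden" name="{DECOY_FIELD}" value="{decoy_value(session_id)}">'
    return re.sub(r"(<form\b[^>]*>)", lambda m: m.group(1) + tag, html)

def fingerprint(req):
    """Coarse client identifier; a real system would combine many more signals."""
    raw = f'{req["ip"]}|{req["headers"].get("User-Agent", "")}'
    return hashlib.sha256(raw.encode()).hexdigest()[:12]

def inspect(req, profiles):
    """Return the decoys this request touched and record them per fingerprint."""
    reasons = []
    if req["path"] in DECOY_PATHS:
        reasons.append("requested decoy path")
    sent = req["form"].get(DECOY_FIELD)
    if sent is not None and not hmac.compare_digest(sent.encode(), decoy_value(req["session"]).encode()):
        reasons.append("decoy field modified")
    if reasons:
        profiles.setdefault(fingerprint(req), []).extend(reasons)
    return reasons

# Constructed sample traffic (documentation IP ranges), not real data.
SAMPLE = [
    {"ip": "198.51.100.7", "session": "s1", "method": "POST", "path": "/login",
     "headers": {"User-Agent": "Mozilla/5.0"}, "form": {"user": "alice", DECOY_FIELD: decoy_value("s1")}},
    {"ip": "203.0.113.9", "session": "s2", "method": "POST", "path": "/login",
     "headers": {"User-Agent": "curl/8.0"}, "form": {"user": "x", DECOY_FIELD: "admin=true"}},
    {"ip": "203.0.113.9", "session": "s2", "method": "GET", "path": "/admin_backup/",
     "headers": {"User-Agent": "curl/8.0"}, "form": {}},
]

def run_demo():
    profiles = {}
    for req in SAMPLE:
        inspect(req, profiles)
    return profiles
```

The ordinary login never trips a decoy because the browser returns the hidden field untouched, while both tampering events accumulate under one client fingerprint that later requests can be checked against.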